I have this as my initializer
Doorkeeper.configure do
orm :active_record
api_only
# Issue access tokens with refresh token
grant_flows ['assertion', 'refresh_token']
use_refresh_token
access_token_expires_in 30.seconds
resource_owner_from_assertion do
provider = params[:provider]
if provider == "facebook"
facebook_auth = ExternalAuthorization::Facebook.new(params[:assertion])
facebook_auth.authorize
end
end
end
But when I issue a request via postman to get a new a refresh token, using
grant_type: "refresh_token"
refresh_token: "...."
I get back
{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
I looked at two other issues posted here:
https://github.com/doorkeeper-gem/doorkeeper/issues/887
https://github.com/doorkeeper-gem/doorkeeper/issues/739
But no clear solution arose from that.
Ruby version: 2.6.6
Hi!
First of all you don't need to add refresh_token to grant flows if you enabled it using user_refresh_token
But when I issue a request via postman to get a new a refresh token, using
Could you please provide a request you're using? Curl would be great (with headers, params, etc)
You can also take a look at the refresh token spec in the gem: https://github.com/doorkeeper-gem/doorkeeper/blob/ecad35f16da90386cf2a9961b9a9bfa5e775b5c9/spec/requests/flows/refresh_token_spec.rb
Got it! I actually tried without the grant_type added but I got the same problem.
My request is as follows:
curl --location --request POST 'http://localhost:3000/oauth2/token?grant_type=refresh_token&refresh_token=0YgTdxidrt-oMRFdtuSXh9L0_5MHhircSWhRDT2GW1c' \
--header 'Accept: application/json'
I think I found the solution! I had to pass client id and client secret along with the refresh_token and grant_type as parameters.
Hm, it's strange that you see invalid_grant instead of invalid_client when client credentials missing :thinking:
Need to check validations for that grant flow
That would have made it a bit easier to debug haha but I got there though! Thanks for the help!
Most helpful comment
I think I found the solution! I had to pass client id and client secret along with the refresh_token and grant_type as parameters.